Operation Aurora: Further activity - copycat sites

Filed Under: Malware, SophosLabs, Vulnerability

As previously predicted, copycat attacks attempting to exploit the IE zero day vulnerability (CVE-2010-0249) were inevitable.

Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting to exploit the vulnerability. Sophos products are blocking the content as Troj/ExpJS-N.

For the sites that are still active, the payloads are another Mal/PcClient variant being blocked as Mal/Generic-A, and a downloader Trojan being pro-actively detected as Mal/BredoPk-B.

SophosLabs will continue monitoring the situation but, as noted yesterday, stay alert for the patch which Microsoft have announced they will release ahead of the regular monthly cycle.
